diff --git a/src/js/modules/file/save.js b/src/js/modules/file/save.js
index 4c97a35..e1b1588 100644
--- a/src/js/modules/file/save.js
+++ b/src/js/modules/file/save.js
@@ -123,6 +123,7 @@ class File_save_class {
 		if (parts.length > 1)
 			file_name = parts[parts.length - 2];
 		file_name = file_name.replace(/ /g, "-");
+		file_name = this.Helper.escapeHtml(file_name);
 
 		var save_types = [];
 		for(var i in file_types) {
diff --git a/src/js/modules/layer/rename.js b/src/js/modules/layer/rename.js
index dbf0b2b..0d8f217 100644
--- a/src/js/modules/layer/rename.js
+++ b/src/js/modules/layer/rename.js
@@ -30,7 +30,7 @@ class Layer_rename_class {
 					new app.Actions.Bundle_action('rename_layer', 'Rename Layer', [
 						new app.Actions.Refresh_layers_gui_action('undo'),
 						new app.Actions.Update_layer_action(id || config.layer.id, {
-							name: params.name
+							name: _this.validate_name(params.name)
 						}),
 						new app.Actions.Refresh_layers_gui_action('do')
 					])
@@ -39,6 +39,17 @@ class Layer_rename_class {
 		};
 		this.POP.show(settings);
 	}
+
+	validate_name(text) {
+		text = text
+			.replace(/&/g, "-")
+			.replace(/</g, "-")
+			.replace(/>/g, "-")
+			.replace(/"/g, "-")
+			.replace(/'/g, "-");
+
+		return text;
+	}
 }
 
 export default Layer_rename_class;